The Vendor is required to provide to perform an assessment of the current elections and recorder operations (ERO) technology suite of applications including software, architecture, technical documentation and underlying technology and services stack in order to provide an evaluative report including recommendations for efficiency optimization and modernization.
- This includes ensuring that separate databases and supporting infrastructure are in place to maintain operational independence, data integrity, data access, and security for each department.
- Recommendations for database architecture and process flows to support independent departmental development and usage.
- Assess existing ERO system technology and software architecture and make recommendations for efficiency optimization and modernization.
- Recommendations to increase efficient operation, shore up access control surfaces and scalability of the ERO system.
- Assess the operational impact of any recommended changes to the existing ERO system.
- Review the public records request (PRR) fulfillment process and make suggestions to increase efficiencies and serviceability from the ERO system.
- This may include but not be limited to interviews with staff individually or in groups, review of statutes, policies, and standard operating procedures to evaluate each functional area.
- Provide all staff and supervision needed to complete the work and provide a final report addressed to the county.
- Assess the development pipeline from evaluation of intake to quality assurance, release, and monitoring.
- Assess the team roles and responsibilities matrix to identify areas of expertise without redundancy.
- Review coding standards, documentation and azure DEVOPS (ado) workflows.
- Assess code review tools, AI development tools, and code documentation tools.
- Review process for meeting structures, release notes, and requirements gathering to include formal and informal communications practices.
- Assess current training and development pathways to provide improvement recommendations for this process.
- Review the full architectural breakdown of the ERO application using various documentation.
- Review and analyze database information to suggest consolidations and changes to existing structures.
- Assess the ERO application and database workflows to compare against development (dev) / user acceptance (UAT) and production (prod) environments and suggest efficiencies and optimizations.
- API structures, and GIS identifying permission and access control gaps.
- Public records request workflows and underlying infrastructure.
- Include an inventory of sensitive data types and data flows.
- Assess and analyze controls that secure access to sensitive data related to roles and permissions of users to understand if the use of least privilege and role based access controls (RBAC) meet regulatory requirements.
- Investigate access and analyze access levels for administrators, personnel with read only access, temporary access, and business cases to support the need for access levels.  
- This is intended to be a review of access control policies, and data sharing policies, not an application security assessment.
- Review the ERO application and workflows and make suggestions on enhancing security and minimizing risk associated with voter registration data.  
- Contract Period/Term: 6 years